If public resources are used, then there should be a description of the public resources that are used, what data is retrieved from public resources, and how that data is used for verification of the entity referenced in the certificate.
I In addition to confirming the data to be included in the certificate by comparing it against a information obtained from an independent third party directory, there should also be a method for contacting the organization through an independent means to confirm that the certificate subscriber is authorized by the organization to request that certificate.
=== DNS names go in SAN ===